Home/Text & Encoding/HTML Encode/Escape
Back to tools

HTML Encode/Escape

Convert HTML special characters to entities to safely display HTML code and prevent XSS attacks.

Examples

HTML Tags

Prevents HTML from being rendered

Original:<div class="container">Hello World!</div>
Encoded:&lt;div class=&quot;container&quot;&gt;Hello World!&lt;/div&gt;

Script Tag

Prevents XSS attacks

Original:<script>alert("XSS")</script>
Encoded:&lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt;

Attributes

Escapes quotes and special chars

Original:<a href="javascript:void(0)" onclick="alert('test')">Link</a>
Encoded:&lt;a href=&quot;javascript:void(0)&quot; onclick=&quot;alert(&#39;test&#39;)&quot;&gt;Link&lt;/a&gt;

Special Symbols

Converts symbols to entities (Named mode)

Original:© 2024 Company™ · Price: €99 & £75
Encoded:&copy; 2024 Company&trade; · Price: &euro;99 &amp; &pound;75

International

Handles international characters (All mode)

Original:Café • Résumé • 北京
Encoded:Caf&#233; &#8226; R&#233;sum&#233; &#8226; &#21271;&#20京;

Click any example to load it into the encoder

Common HTML Entities

<&lt;
>&gt;
&&amp;
"&quot;
'&#39;
©&copy;
®&reg;
&trade;
&euro;
£&pound;
&bull;
&nbsp;

About HTML Encoding

HTML encoding converts special characters into HTML entities to ensure they are displayed correctly in web browsers and not interpreted as HTML code. This is essential for preventing XSS (Cross-Site Scripting) attacks and displaying HTML source code on web pages.

Encoding Types:

  • Basic: Encodes only essential HTML characters (< > & " ')
  • Named Entities: Uses human-readable entity names (e.g., &copy; for ©)
  • All Special: Encodes all non-ASCII characters to numeric entities

Security Tip

Always encode user input before displaying it on a web page to prevent XSS attacks. Never trust user input and always sanitize it properly.

Related Tools

URL Encode

Encode URL strings

Base64 Encode

Encode to Base64

JSON Formatter

Format JSON data

Markdown Editor

Convert Markdown